2

Suppose I'm connecting to HTTPS server with self-signed certificate using NSURLConnection. I (really) want to do the following weird things: compare a certificate byte by byte with my local copy and check if the IP address of the server hostname is the same as my local copy. The reason I want to do that is a conclusion of the original problem: kSecTrustResultRecoverableTrustFailure when connecting to https with self-signed certificate using NSURLConnection

Right now I don't understand how to

  1. Retrieve server's certificate I've got on the current connection
  2. Get the IP address of the server I'm connected to

I didn't find any working example and any mention in the documentation of how to do that. Is that possible to resolve these problems using NSURLConnection and related C/Objective-C stuff?

I guess if both problems can't be resolved normally—they can be workarounded by custom IP address resolving and custom certificate downloading (using openssl library, for example). But that sounds terrible/nonsense to me because that will be completely different connections, not the current one I'm making with NSURLConnection.

Community
  • 1
  • 1
alopatindev
  • 53
  • 1
  • 6
  • OK, #1 has been resolved with SecTrustGetCertificateAtIndex: https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning#iOS – alopatindev Jun 16 '14 at 21:40
  • This may be helpful to you: [Get peer IP address and port on OSX in objective-c from NSStream, CFStream or Socket](http://stackoverflow.com/questions/20050274/get-peer-ip-address-and-port-on-osx-in-objective-c-from-nsstream-cfstream-or-so) and [Network Programming: Chapter 7 - iPhone SDK Application Development](http://oreilly.com/iphone/excerpts/iphone-sdk/network-programming.html). – jww Jun 16 '14 at 22:15

0 Answers0